Hello developers, I am implementing a package manager named 'cupt' for Debian for the aim to provide future APT replacement using the same archive infrasctucture avoiding however some hard-to-fix APT bugs. One of already present cupt features - checking of Release gpg signatures in every run, not only during 'update' action, which has the benefit to reveal possible gpg key expiries or revokes if the system administrator for some reason don't run 'update' action enough frequently. To achieve this, I need world-readable file containing gpg public keys used for verifying. APT maintains this file as /etc/apt/trusted.gpg. However, its permissions are 600, whereas I need 644. Despite placing in /etc (it has probably to lie in /var/lib/apt, as pointed by Enrico Zini), this is not a conffile. The easiest way for me to fix this is to do 'chmod +r /etc/apt/trusted.gpg' in the cupt's postinst. As this file contains only public gpg public keys, this should not harm anything. One can argue that the sane way to fix this is file a bug against apt, wait for fix and then depend on apt >= (x.y.z), where x.y.z is the fixed version. While this is true, the approach has two drawbacks: 1) depending on newer apt version would lead to uninstallability on Lenny, while now cupt can be installed on pure-Lenny system 2) waiting for fix in apt can take significant time Given all this, are there arguments against that chmod command? -- Eugene V. Lyubimkin aka JackYF, JID: jackyf.devel(maildog)gmail.com C++/Perl developer, Debian Maintainer
Attachment:
signature.asc
Description: OpenPGP digital signature